Cyber Vulnerabilities Reported in Becton Dickinson’s Alaris Plus Syringe Pumps

The Department of Homeland Security warned that Becton Dickinson’s Alaris Plus medical syringe pump is vulnerable to a remote attacker gaining unauthorized access and gaining control of the pump when it’s connected to a terminal server via the serial port.

BD reported that the affected pumps are sold in the European Union. The vulnerable pumps include the Alaris GS, Alaris GH, Alaris CC, and the Alaris TIVA.

The cybersecurity firm CyberMDX discovered the vulnerability, and BD reported it to the DHS Industrial Control Systems Cyber Emergency Response Team.  BD said the vulnerability can’t be accessed if the device is connected to the Alaris Gateway workstation docking station and an attacker can’t switch the device on remotely.